#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Enable ExecShield

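# Initialize the variables this hardening module exports.
# How they are consumed is not visible in this file; the comments below
# assume the calling framework evaluates PRECHECK and SOLUTION as shell
# commands -- TODO confirm against the caller.

# PRECHECK: looks for the ExecShield setting in /etc/sysctl.conf.
# NOTE(review): this only looks for kernel.exec-shield; a system that has
# that line but no kernel.randomize_va_space entry will still match.
# The pattern also matches a commented-out line ("# kernel.exec-shield = 1")
# and misses other spacing ("kernel.exec-shield=1").
export PRECHECK="grep 'kernel.exec-shield = 1' /etc/sysctl.conf"

# QUESTION / DESCRIPTION: text describing the change to the operator.
export QUESTION="Would you like to enable ExecShield"
export DESCRIPTION="ExecShield comprises a number of kernel features to provide protection against buffer overflows. These features include random placement of the stack and other memory regions, prevention of execution in memory that should only hold data, and special handling of text buffers"

# SOLUTION: two changeOrAdd calls against /etc/sysctl.conf (changeOrAdd is
# defined elsewhere; presumably key, replacement line, file -- verify).
# Fix: the second call previously wrote 'kernel.exec-shield = 1' under the
# kernel.randomize_va_space key, so address-space randomization was never
# configured and an existing randomize_va_space line could be replaced by a
# duplicate exec-shield line. It now writes the matching key.
# The value 1 mirrors the exec-shield setting; newer kernels also accept 2,
# which additionally randomizes the heap (brk) -- confirm for the target.
# NOTE(review): edits to /etc/sysctl.conf take effect at boot or after
# `sysctl -p`; whether the caller reloads is not visible here.
export SOLUTION="changeOrAdd 'kernel.exec-shield' 'kernel.exec-shield = 1' /etc/sysctl.conf; changeOrAdd 'kernel.randomize_va_space' 'kernel.randomize_va_space = 1' /etc/sysctl.conf"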


